GHSA-8vg7-gh73-866v

Source

https://github.com/advisories/GHSA-8vg7-gh73-866v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8vg7-gh73-866v/GHSA-8vg7-gh73-866v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8vg7-gh73-866v

Aliases

CVE-2018-1999028

Published

2022-05-13T01:50:55Z

Modified

2024-02-16T08:04:25.042061Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Jenkins Accurev Plugin CSRF vulnerability and missing permission checks

Details

An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Database specific

{
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ],
    "nvd_published_at": "2018-08-01T13:29:00Z",
    "github_reviewed_at": "2024-01-09T22:42:30Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:accurev

Package

Name: org.jenkins-ci.plugins:accurev; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/accurev

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.17

Affected versions

0.*

0.6.19

0.6.20

0.6.21

0.6.22

0.6.23

0.6.24

0.6.25

0.6.26

0.6.27

0.6.28

0.6.29

0.6.30

0.6.31

0.6.32

0.6.33

0.6.34

0.6.35

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.7.7

0.7.8

0.7.9

0.7.10

0.7.11

0.7.12

0.7.13

0.7.14

0.7.15

0.7.16

Database specific

last_known_affected_version_range

"<= 0.7.16"